npm - @resultcrafter/aimanager-instagram-connector - Versions diffs - 0.2.0 → 0.3.0 - Mend

@resultcrafter/aimanager-instagram-connector 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/aimanager/InstagramOAuth.js +67 -4
package/index.js +162 -99
package/package.json +1 -1

package/aimanager/InstagramOAuth.js CHANGED Viewed

@@ -15,6 +15,58 @@ function getConfig() {
   };
 }
+function getEncryptionKey() {
+  return process.env.TOKEN_ENCRYPTION_KEY || process.env.OAUTH_STATE_SECRET || null;
+}
+function getCipherKey() {
+  var key = getEncryptionKey();
+  if (!key) return null;
+  return crypto.createHash('sha256').update(key).digest();
+}
+function encrypt(data) {
+  var cipherKey = getCipherKey();
+  if (!cipherKey) return null;
+  var text = JSON.stringify(data);
+  var iv = crypto.randomBytes(16);
+  var cipher = crypto.createCipheriv('aes-256-gcm', cipherKey, iv);
+  var encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+  var authTag = cipher.getAuthTag();
+  return {
+    encrypted: encrypted.toString('base64'),
+    iv: iv.toString('base64'),
+    authTag: authTag.toString('base64')
+  };
+}
+function decrypt(encryptedData) {
+  var cipherKey = getCipherKey();
+  if (!cipherKey) return null;
+  var decipher = crypto.createDecipheriv('aes-256-gcm', cipherKey, Buffer.from(encryptedData.iv, 'base64'));
+  decipher.setAuthTag(Buffer.from(encryptedData.authTag, 'base64'));
+  var decrypted = Buffer.concat([
+    decipher.update(Buffer.from(encryptedData.encrypted, 'base64')),
+    decipher.final()
+  ]);
+  return JSON.parse(decrypted.toString('utf8'));
+}
+function encryptToken(tokenData) {
+  var encrypted = encrypt(tokenData);
+  if (encrypted) return encrypted;
+  return tokenData;
+}
+function decryptToken(stored) {
+  if (!stored) return null;
+  if (stored.encrypted && stored.iv && stored.authTag) {
+    var decrypted = decrypt(stored);
+    if (decrypted) return decrypted;
+  }
+  return stored;
+}
 function generateState(sessionId, projectId) {
   var data = {
     sessionId: sessionId || crypto.randomBytes(16).toString('hex'),
@@ -38,7 +90,9 @@ function verifyState(state) {
     var decoded = JSON.parse(Buffer.from(state, 'base64url').toString());
     var hmac = crypto.createHmac('sha256', cfg.stateSecret);
     hmac.update(JSON.stringify(decoded.data));
-    if (decoded.signature !== hmac.digest('hex')) return null;
+    if (decoded.signature !== hmac.digest('hex')) {
+      return null;
+    }
     if (Date.now() - decoded.data.timestamp > 600000) return null;
     return decoded.data;
   } catch (e) {
@@ -94,7 +148,7 @@ async function exchangeCodeForToken(code) {
   };
 }
-async function refreshToken(currentToken) {
+async function refreshToken(currentToken, existingTokenData) {
   var cfg = getConfig();
   var res = await axios.get(INSTAGRAM_GRAPH_BASE + '/refresh_access_token', {
     params: { grant_type: 'ig_refresh_token', access_token: currentToken }
@@ -103,6 +157,10 @@ async function refreshToken(currentToken) {
     access_token: res.data.access_token,
     token_type: res.data.token_type,
     expires_in: res.data.expires_in,
+    user_id: existingTokenData ? existingTokenData.user_id : undefined,
+    instagram_business_id: existingTokenData ? existingTokenData.instagram_business_id : undefined,
+    username: existingTokenData ? existingTokenData.username : undefined,
+    user_info: existingTokenData ? existingTokenData.user_info : undefined,
     created_at: Date.now(),
     expires_at: Date.now() + (res.data.expires_in * 1000)
   };
@@ -134,7 +192,10 @@ async function getTokenStatus(db, projectId) {
   if (!settings || !settings.ig_oauth_token) {
     return { connected: false, instagram_username: null };
   }
-  var token = settings.ig_oauth_token;
+  var token = decryptToken(settings.ig_oauth_token);
+  if (!token) {
+    return { connected: false, instagram_username: null };
+  }
   var daysRemaining = token.expires_at ? Math.floor((token.expires_at - Date.now()) / (1000 * 60 * 60 * 24)) : null;
   return {
     connected: true,
@@ -151,5 +212,7 @@ module.exports = {
   refreshToken: refreshToken,
   getUserInfo: getUserInfo,
   verifyState: verifyState,
-  getTokenStatus: getTokenStatus
+  getTokenStatus: getTokenStatus,
+  encryptToken: encryptToken,
+  decryptToken: decryptToken
 };

package/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ const bodyParser = require("body-parser");
 const handlebars = require('handlebars');
 const path = require('path');
 const fs = require('fs');
+const crypto = require('crypto');
 const pjson = require('./package.json');
 const winston = require('./winston');
 const url = require('url');
@@ -512,136 +513,198 @@ router.post('/tiledesk', async (req, res) => {
   return res.status(200).send({ message: "sent" });
 })
-router.post('/webhookFB', async (req, res) => {
+function convertTestWebhook(body) {
+  if (body.field && body.value) {
+    winston.info("(ig) Converting test webhook from Meta dashboard");
+    var messaging = [];
+    if (body.value && body.value.messages && body.value.messages.data) {
+      body.value.messages.data.forEach(function(msg) {
+        messaging.push({
+          sender: { id: msg.from ? msg.from.id : 'test_sender' },
+          message: { text: msg.text || '[Test message from Meta]' }
+        });
+      });
+    }
+    return {
+      object: 'instagram',
+      entry: [{ id: 'test_entry', messaging: messaging }]
+    };
+  }
+  return null;
+}
+function verifyWebhookSignature(req) {
+  var signature = req.headers['x-hub-signature-256'];
+  if (!signature) {
+    winston.warn("(ig) Missing x-hub-signature-256 header — processing anyway");
+    return true;
+  }
+  if (!APP_SECRET) {
+    winston.warn("(ig) APP_SECRET not configured — skipping signature validation");
+    return true;
+  }
+  var algo = 'sha256';
+  var expected = signature.replace('sha256=', '');
+  var hmac = crypto.createHmac(algo, APP_SECRET);
+  hmac.update(JSON.stringify(req.body));
+  var computed = hmac.digest('hex');
+  var valid = (expected === computed);
+  if (!valid) {
+    winston.error("(ig) Webhook signature mismatch — expected=" + expected + " computed=" + computed);
+    if (process.env.DEBUG_SIGNATURES === 'true') {
+      winston.debug("(ig) Raw body for signature: " + JSON.stringify(req.body));
+    }
+  }
+  return valid;
+}
-  winston.verbose("(fbm) Message received from Facebook Instagram");
+function processInstagramWebhook(req, res) {
+  winston.verbose("(ig) Processing Instagram webhook");
-  let body = req.body;
-  if (body.object === 'page') {
+  if (!verifyWebhookSignature(req)) {
+    winston.warn("(ig) Signature invalid — still responding 200 to keep webhook healthy");
+  }
-    let page_id = body.entry[0].id;
-    let PAGE_KEY = "instagram-page-" + page_id;
-    let info_settings = await db.get(PAGE_KEY);
+  res.status(200).send('EVENT_RECEIVED');
-    if (!info_settings) {
-      winston.debug("(fbm) Facebook page not enabled --> Skip")
-      return res.status(200).send('EVENT_RECEIVED');
-    }
+  setImmediate(async () => {
+    try {
+      let body = req.body;
+      winston.verbose("(ig) Processing webhook asynchronously");
+      var testBody = convertTestWebhook(body);
+      if (testBody) {
+        winston.info("(ig) Using converted test webhook body");
+        body = testBody;
+      }
-    let project_id = info_settings.project_id;
-    winston.debug("(fbm) project_id: " + project_id);
+      if (body.object !== 'instagram' && body.object !== 'page') {
+        winston.debug("(ig) Unknown webhook object: " + body.object + " — skipping");
+        return;
+      }
-    let CONTENT_KEY = "instagram-" + project_id;
-    let settings = await db.get(CONTENT_KEY);
+      body.entry.forEach(async (entry) => {
+        if (entry.changes) {
+          winston.verbose("(ig) Non-message event (changes): " + JSON.stringify(entry.changes).substring(0, 200));
+          return;
+        }
-    body.entry.forEach(async (entry) => {
+        if (!entry.messaging || !entry.messaging[0]) {
+          winston.verbose("(ig) Entry has no messaging events — skipping");
+          return;
+        }
-      let instagramChannelMessage = entry.messaging[0];
-      winston.debug("(fbm) webhook_event: ", instagramChannelMessage);
+        var entryId = entry.id;
+        winston.debug("(ig) Entry ID: " + entryId);
-      const tlr = new TiledeskInstagramTranslator();
-      const tdChannel = new TiledeskChannel({ settings: settings, API_URL: API_URL })
-      const fbClient = new FacebookClient({ GRAPH_URL: GRAPH_URL, FB_APP_ID: FB_APP_ID, APP_SECRET: APP_SECRET, BASE_URL: BASE_URL });
+        var PAGE_KEY = "instagram-page-" + entryId;
+        var info_settings = await db.get(PAGE_KEY);
-      const page = settings.pages.find(p => p.id === page_id);
+        if (!info_settings) {
+          winston.debug("(ig) No settings found for entry " + entryId + " — checking project by scanning");
+          return;
+        }
-      let user_info = await fbClient.getUserInfo(page.access_token, instagramChannelMessage.sender.id).catch((err) => {
-        winston.error("(fbm) getUserInfo error: ", err?.response?.data || err.message || err);
-        return { first_name: "User", last_name: instagramChannelMessage.sender.id };
-      });
+        var project_id = info_settings.project_id;
+        winston.debug("(ig) project_id: " + project_id);
-      instagramChannelMessage.sender.fullname = user_info.first_name + " " + user_info.last_name;
+        let CONTENT_KEY = "instagram-" + project_id;
+        let settings = await db.get(CONTENT_KEY);
-      winston.debug("(fbm) page: " + page);
-      winston.debug("(fbm) user_info: ", user_info);
+        var instagramChannelMessage = entry.messaging[0];
+        winston.debug("(ig) webhook_event: ", instagramChannelMessage);
-      let message_info = {
-        channel: TiledeskInstagramTranslator.CHANNEL_NAME,
-        instagram: {
-          page_id: page_id,
-          sender_id: instagramChannelMessage.sender.id,
-          firstname: user_info.first_name,
-          lastname: user_info.last_name
-        }
-      }
+        const tlr = new TiledeskInstagramTranslator();
+        const tdChannel = new TiledeskChannel({ settings: settings, API_URL: API_URL });
+        const fbClient = new FacebookClient({ GRAPH_URL: GRAPH_URL, FB_APP_ID: FB_APP_ID, APP_SECRET: APP_SECRET, BASE_URL: BASE_URL });
-      if (instagramChannelMessage.message &&
-        instagramChannelMessage.message.attachments &&
-        instagramChannelMessage.message.attachments.length > 1) {
+        const page = settings && settings.pages ? settings.pages.find(p => p.id === entryId) : null;
+        var pageAccessToken = page ? page.access_token : null;
-        const messageHandler = new MessageHandler();
-        let messagesList = await messageHandler.splitMessageFromInstagram(instagramChannelMessage);
+        if (!pageAccessToken && settings && settings.ig_oauth_token) {
+          pageAccessToken = settings.ig_oauth_token.access_token;
+        }
-        for (let message of messagesList) {
+        var user_info = { first_name: "User", last_name: instagramChannelMessage.sender.id };
+        if (pageAccessToken) {
+          user_info = await fbClient.getUserInfo(pageAccessToken, instagramChannelMessage.sender.id).catch(function(err) {
+            winston.error("(ig) getUserInfo error: ", err?.response?.data || err.message || err);
+            return { first_name: "User", last_name: instagramChannelMessage.sender.id };
+          });
+        }
-          let tiledeskJsonMessage = await tlr.toTiledesk(message);
-          winston.verbose("(fbm) tiledeskJsonMessage: ", tiledeskJsonMessage);
+        instagramChannelMessage.sender.fullname = user_info.first_name + " " + user_info.last_name;
+        var message_info = {
+          channel: TiledeskInstagramTranslator.CHANNEL_NAME,
+          instagram: {
+            page_id: entryId,
+            sender_id: instagramChannelMessage.sender.id,
+            firstname: user_info.first_name,
+            lastname: user_info.last_name
+          }
+        };
+        if (instagramChannelMessage.message &&
+          instagramChannelMessage.message.attachments &&
+          instagramChannelMessage.message.attachments.length > 1) {
+          const messageHandler = new MessageHandler();
+          let messagesList = await messageHandler.splitMessageFromInstagram(instagramChannelMessage);
+          for (let message of messagesList) {
+            let tiledeskJsonMessage = await tlr.toTiledesk(message);
+            if (tiledeskJsonMessage) {
+              try {
+                await tdChannel.send(tiledeskJsonMessage, message_info, settings.department_id);
+              } catch (err) {
+                winston.error("(ig) Error sending split message: ", err);
+              }
+            }
+          }
+        } else {
+          let tiledeskJsonMessage = await tlr.toTiledesk(instagramChannelMessage);
           if (tiledeskJsonMessage) {
             try {
               await tdChannel.send(tiledeskJsonMessage, message_info, settings.department_id);
-              winston.verbose("(fbm) Message sent to AI Manager")
             } catch (err) {
-              return res.status(500).send({ success: false, error: "Error sending exoìpiration message" });
+              winston.error("(ig) Error sending message: ", err);
             }
-          } else {
-            winston.verbose("(fbm) tiledeskJsonMessage is undefined!")
           }
         }
+      });
-      } else {
-        let tiledeskJsonMessage = await tlr.toTiledesk(instagramChannelMessage);
-        winston.verbose("(fbm) tiledeskJsonMessage: ", tiledeskJsonMessage);
-        if (tiledeskJsonMessage) {
-          try {
-            await tdChannel.send(tiledeskJsonMessage, message_info, settings.department_id);
-            winston.verbose("(fbm) Message sent to AI Manager")
-          } catch (err) {
-            return res.status(500).send({ success: false, error: "Error sending message" });
-          }
-        } else {
-          winston.verbose("(fbm) tiledeskJsonMessage is undefined!")
-        }
-      }
-    })
-  }
-  return res.status(200).send('EVENT_RECEIVED');
-})
-router.get('/webhookFB', async (req, res) => {
-  winston.verbose("(fbm) Verify the webhook... ", req.query);
-  // Parse the query params
-  let mode = req.query['hub.mode'];
-  let token = req.query['hub.verify_token'];
-  let challenge = req.query['hub.challenge'];
-  winston.verbose("(fbm) token: " + token);
-  winston.verbose("(fbm) verify token: " + VERIFY_TOKEN);
-  winston.verbose("(fbm) mode: " + mode)
-  winston.verbose("(fbm) challenge: " + challenge)
-  // Checks if a token and mode is in the query string of the request
-  if (mode && token) {
+    } catch (err) {
+      winston.error("(ig) Async webhook processing error: ", err?.response?.data || err.message || err);
+    }
+  });
+}
-    // Checks the mode and token sent is correct
-    if (mode === 'subscribe' && token === VERIFY_TOKEN) {
+router.post('/webhookIG', function(req, res) {
+  winston.verbose("(ig) POST /webhookIG");
+  processInstagramWebhook(req, res);
+});
-      // Responds with the challenge token from the request
-      winston.verbose('(fbm) Webhook verified');
-      return res.status(200).send(challenge);
+router.post('/webhookFB', function(req, res) {
+  winston.verbose("(ig) POST /webhookFB");
+  processInstagramWebhook(req, res);
+});
-    } else {
-      // Responds with '403 Forbidden' if verify tokens do not match
-      return res.sendStatus(403);
-    }
+function handleWebhookVerify(req, res) {
+  winston.verbose("(ig) Verify webhook... ", req.query);
+  var mode = req.query['hub.mode'];
+  var token = req.query['hub.verify_token'];
+  var challenge = req.query['hub.challenge'];
+  if (mode && token && mode === 'subscribe' && token === VERIFY_TOKEN) {
+    winston.info("(ig) Webhook verified");
+    return res.status(200).send(challenge);
   }
+  winston.warn("(ig) Webhook verify failed — mode=" + mode + " token match=" + (token === VERIFY_TOKEN));
   return res.sendStatus(403);
-})
+}
+router.get('/webhookIG', function(req, res) { handleWebhookVerify(req, res); });
+router.get('/webhookFB', function(req, res) { handleWebhookVerify(req, res); });
 router.get('/auth/instagram/start', async (req, res) => {
   winston.verbose("(ig) /auth/instagram/start");
@@ -688,7 +751,7 @@ router.get('/oauth-callback', async (req, res) => {
     var CONTENT_KEY = "instagram-" + projectId;
     var settings = await db.get(CONTENT_KEY) || {};
-    settings.ig_oauth_token = tokenData;
+    settings.ig_oauth_token = instagramOAuth.encryptToken(tokenData);
     settings.instagram_username = tokenData.username;
     settings.instagram_business_id = tokenData.instagram_business_id;
     settings.connected = true;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@resultcrafter/aimanager-instagram-connector",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "AI Manager Instagram DM connector",
   "main": "index.js",
   "scripts": {